Tue. May 26th, 2020

Ryuk Ransomware Claims Another Victim

T-System, a Dallas-based company that provides end-to-end solutions to hospitals, has been hit by a Ryuk ransomware attack, Bleeping Computer reports.


According to German Fernandez, the security researcher who discovered the attack, he was doing open-source intelligence (OSINT) for Ryuk indicators when he noticed that many of the platforms managed by T-Systems were down.


In a statement to Bleeping Computer, Fernandez said it looks like the ransomware infection spread to public segments such as DMZ, extranet, and helpdesk.


Even more, the company’s site index shows that files were added the .RYK extension specific to Ryuk as well as the ransom note in HTML.



The ransom note directs victims to contact the attacker at “lenmovala1981@protonmail.com” for payment instructions.


Even more, Bleeping Computer reports that the note includes the phrase “balance of shadow universe,” which indicates that the Ryuk sample used in the attack is a recent one, discovered by MalwareHunterTeam in June.”


Although T-Systems has not announced the attack, it’s worth noting that over 40% of U.S. hospitals use T-System products.